Fix an endless loop DoS vulnerability in parse_packet().
When a correct "Signature part" is received by a Collectd instance
configured without the AuthFile option, an endless loop occurs due to a
missing pointer increment to the next unprocessed part. (Closes: #859494)
When a correct "Signature part" is received by a Collectd instance
configured without the AuthFile option, an endless loop occurs due to a
missing pointer increment to the next unprocessed part. (Closes: #859494)
8 years agobts833013-gcry-init.dpatch: Merge upstream commit a3000cbe. wheezy collectd-5.1.0-3+deb7u2
bts833013-gcry-init.dpatch: Merge upstream commit a3000cbe.
This propagates gcry_control() errors or, else, we'd revert the fix from the
previous upload.
This propagates gcry_control() errors or, else, we'd revert the fix from the
previous upload.
patches/: Added bts833013-gcry-init.dpatch.
Fix initialization of libgcrypt: Initialize the library before using any other
functions to ensure that thread-safety is set up appropriately. This fixes
potential crashes of the network plugin and a regression introduced in
5.1.0-3+deb7u1 which ultimately surfaced the issue.
Thanks to Antoine Sirinelli for reporting this.
Closes: #833013
Fix initialization of libgcrypt: Initialize the library before using any other
functions to ensure that thread-safety is set up appropriately. This fixes
potential crashes of the network plugin and a regression introduced in
5.1.0-3+deb7u1 which ultimately surfaced the issue.
Thanks to Antoine Sirinelli for reporting this.
Closes: #833013
Release changelog to wheezy-security.
patches/bts832577-gcry-control.dpatch: Fix improper usage of gcry_control.
A team of security researchers at Columbia University and the University of
Virginia discovered that GCrypt's gcry_control is sometimes called without
checking its return value for an error. This may cause the program to be
initialized without the desired, secure settings.
Closes: #832577
A team of security researchers at Columbia University and the University of
Virginia discovered that GCrypt's gcry_control is sometimes called without
checking its return value for an error. This may cause the program to be
initialized without the desired, secure settings.
Closes: #832577
patches/CVE-2016-6254.dpatch: Fix heap overflow in the network plugin.
Emilien Gaspar has identified a heap overflow in parse_packet(), the function
used by the network plugin to parse incoming network packets.
Thanks to Florian Forster for reporting the bug in Debian.
Closes: #832507, CVE-2016-6254
Emilien Gaspar has identified a heap overflow in parse_packet(), the function
used by the network plugin to parse incoming network packets.
Thanks to Florian Forster for reporting the bug in Debian.
Closes: #832507, CVE-2016-6254
Fixed migrate-4-5-df.dpatch: Added missing end quotes.
migrate-4-5-df.dpatch: Fixed patch format.
Prepared changelog for release.
collectd-core.collectd.init.d: Catch disabled state in start/restart.
Don't exit with an error status in that case. Amongst others, this fixes an
upgrade of collectd when the daemon is disabled.
Thanks to Florian Ernst for reporting this and Evgeni Golov for providing (an
early) patch!
To let those changes to work correctly, don't use 'set -e' and 'exit 0' (at
the end) in order to let return statuses propagate correctly.
Closes: #681216
Don't exit with an error status in that case. Amongst others, this fixes an
upgrade of collectd when the daemon is disabled.
Thanks to Florian Ernst for reporting this and Evgeni Golov for providing (an
early) patch!
To let those changes to work correctly, don't use 'set -e' and 'exit 0' (at
the end) in order to let return statuses propagate correctly.
Closes: #681216
changelog: The migrate-4-5 related changes close #681363.
collectd-core.postinst: Pass --rrd* parameters to migrate-4-5.px.
… in order to let the script find those binaries/scripts.
… in order to let the script find those binaries/scripts.
patches/: Added migrate-4-5-df.dpatch.
… fixing the migration of 'df' values in migrate-4-5.px; thanks to
'markuskaindl' for reporting this on IRC.
… fixing the migration of 'df' values in migrate-4-5.px; thanks to
'markuskaindl' for reporting this on IRC.
po/: Formating changes made by debconf-updatepo.
changelog: Updated for release.
init.d: Use log_* and status_of_proc functions from LSB's init functions.
… in order to make collectd's output look like all the other output.
Thanks to Matthias Urlichs for pointing this out.
Closes: #679355
… in order to make collectd's output look like all the other output.
Thanks to Matthias Urlichs for pointing this out.
Closes: #679355
collectd-core.collectd.init.d: Source /lib/lsb/init-functions.
This will make systemd work in compatibility mode.
Thanks to Michael Stapelberg for reporting this.
Closes: #679544
This will make systemd work in compatibility mode.
Thanks to Michael Stapelberg for reporting this.
Closes: #679544
po/: Updated Spanish debconf translation; thanks to Omar Campagne.
Closes: #679281
Closes: #679281
po/: Updated French debconf translation; thanks to Steve Petruzzello.
Closes: #678614
Closes: #678614
po/: Updated Galician debconf translation; thanks to Jorge Barreiro.
Closes: #678467
Closes: #678467
po/: Updated Polish debconf translation; thanks to Michał Kułach.
Closes: #678157
Closes: #678157
po/: Updated Portuguese debconf translation; thanks to Américo Monteiro.
Closes: #678048
Closes: #678048
po/: Updated Russian debconf translation; thanks to Yuri Kozlov.
Closes: #678016
Closes: #678016
po/: Updated Czech debconf translation; thanks to Martin Šín.
Closes: #677949
Closes: #677949
po/: Updated Danish debconf translation; thanks to Joe Dalton.
Closes: #677908
Closes: #677908
po/: Added Slovak debconf translation; thanks to 'helix84'.
Closes: #677902
Closes: #677902
po/sv.po: Updated by debconf-updatepo.
po/: Updated Swedish debconf translation; thanks to Martin Bagge.
Closes: #677842
Closes: #677842
control, rules: Build depend on libmodbus-dev and enabled modbus plugin.
5.1 now supports libmodbus 3; thanks to Ivo De Decker for reporting this.
Closes: #639796
5.1 now supports libmodbus 3; thanks to Ivo De Decker for reporting this.
Closes: #639796
collectd-core.postinst: Don't create unused temp. directory.
po/de.po: Minor corrections.
collectd-core.override: Limit netlink override to appropriate architectures.
po/it.po: Updated by debconf-updatepo.
changelog: Updated timestamp.
Merged branch 'collectd-4'.
Conflicts:
debian/changelog
debian/po/cs.po
debian/po/da.po
debian/po/de.po
debian/po/es.po
debian/po/fr.po
debian/po/nl.po
debian/po/pl.po
debian/po/pt.po
debian/po/pt_BR.po
debian/po/ru.po
debian/po/sv.po
Conflicts:
debian/changelog
debian/po/cs.po
debian/po/da.po
debian/po/de.po
debian/po/es.po
debian/po/fr.po
debian/po/nl.po
debian/po/pl.po
debian/po/pt.po
debian/po/pt_BR.po
debian/po/ru.po
debian/po/sv.po
changelog: Released 4.10.7-2.
po/: Updated German debconf translation.
… based on Holger Wansing's feedback on debian-l10n-german.
… based on Holger Wansing's feedback on debian-l10n-german.
po/: Updated Spanish debconf translation; thanks to Omar Campagne.
Closes: #676383
Closes: #676383
po/: Updated French debconf translation; thanks to S.Petruzzello and C.PERRIER
Closes: #674629
Closes: #674629
po/: Updated Brazilian Portuguese debconf translation; thanks to A. R. Gomes.
Closes: #674589
Closes: #674589
po/: Updated Danish debconf translation; thanks to Joe Dalton.
Closes: #674459
Closes: #674459
po/: Updated Portuguese debconf translation; thanks to Américo Monteiro.
Closes: #674065
Closes: #674065
po/: Added Italian debconf translation; thanks to Beatrice Torracca.
Closes: #674044
Closes: #674044
po/: Updated Russian debconf translation; thanks to Vladimir Zhbanov.
Closes: #673890
Closes: #673890
po/: Updated Swedish debconf translation; thanks to Martin Bagge.
Closes: #673888
Closes: #673888
po/: Updated Dutch debconf translation; thanks to Jeroen Schot.
Closes: #673769
Closes: #673769
po/: Updated Polish debconf translation; thanks to Michał Kułach.
Closes: #673697
Closes: #673697
po/: Updated Czech debconf translation; thanks to Martin Šín.
Closes: #673693
Closes: #673693
5.1 supports syslog logging; closes #632940.
changelog: New upstream release closes #630968.
control: Added collectdctl to collectd-utils description.
control: Let collectd-dev depend on collectd << 5.2~.
… rather than 4.11~.
… rather than 4.11~.
po/de.po: Fixed syntax error.
changelog: Documented which new plugins are disabled on kfreebsd.
po/: Updated German debconf translation.
Auto-updated po files.
source/format: Set to "1.0" for now.
NEWS.Debian: Fixed typo identified by lintian.
Thanks! ;-)
Thanks! ;-)
Added debconf queries and code to automatically migrate from v4.
This is mostly based on the v3 → v4 migration.
This is mostly based on the v3 → v4 migration.
rules: Install contrib/exec-ksm.sh as example.
collectd-core.install: Install migrate-4-5.px.
NEWS.Debian: Documented the upgrade from version 4 to 5.
Merged branch 'master' of git://git.tokkee.org/pkg-collectd.
libcollectdclient0.symbols: Added lcc_sort_identifiers introduced in 5.1.0.
rules: Disabled ethstat, md, and numa plugins on kfreebsd.
These plugins are Linux specific.
These plugins are Linux specific.
changelog: Updated timestamp of 5.1.0-1 entry.
Install collectdctl and collectdctl.1 to collectd-utils.
rules: Disabled write_mongodb; libmongoc is required.
changelog, collectd.conf: Added new plugins introduced in version 5.1.0.
copyright: Updated for version 5.1.0.
changelog: Updated to 5.1.0-1.
Merged branch 'collectd-4'.
patches/: Added rtnl_dump_filter.dpatch.
This patch updates the rtnl_dump_filter() signature to recent versions of
iproute2.
This patch updates the rtnl_dump_filter() signature to recent versions of
iproute2.
control: Explicitly build-depend on libkvm-dev on kfreebsd.
This is required by the processes, swap and tcpconns plugins.
This is required by the processes, swap and tcpconns plugins.
changelog: New upstream fixes #664429 (kfreebsd FTBFS).
rules: Work around #673431 (kvm.h requires sys/types.h).
… by forcing the processes plugin on kfreebsd and manually defining
HAVE_STRUCT_KINFO_PROC_FREEBSD.
… by forcing the processes plugin on kfreebsd and manually defining
HAVE_STRUCT_KINFO_PROC_FREEBSD.
rules: Use $(shell …) rather than `…`.
For consistency … ;-)
For consistency … ;-)
rules: define and export DEB_BUILD_MAINT_OPTIONS hardening opts.
po/de.po: Updated German debconf translation.
Auto-updated po files.
copyright: Updated Debian copyright years.
po/: Added Polish debconf template translation.
Thanks to Michał Kułach.
Closes: #672739
Thanks to Michał Kułach.
Closes: #672739
po/: Added Brazilian Portuguese debconf template translation.
Thanks to Adriano Rafael Gomes.
Closes: #662174
Thanks to Adriano Rafael Gomes.
Closes: #662174
po/: Added Danish debconf template translation; thanks to Joe Dalton.
Closes: #660918
Closes: #660918
control: Use linux-any, kfreebsd-any, etc.
… rather than hardcoded list of non-Linux architectures to make life of
porters easier; thanks to Robert Millan for reporting this and providing a
pointer to the fix.
Closes: #634690
… rather than hardcoded list of non-Linux architectures to make life of
porters easier; thanks to Robert Millan for reporting this and providing a
pointer to the fix.
Closes: #634690
collectd-core.collectd.init.d: Use the exit codes specified by LSB in status.
Thanks to Michael Prokop for reporting this.
Closes: #615840
Thanks to Michael Prokop for reporting this.
Closes: #615840
collectd-core.collectd.init.d: Added cpufrequtils to should-start.
Else collectd does not reliably detect all CPUs; thanks to Mathias Bauer for
reporting and debugging this.
Closes: #662040
Else collectd does not reliably detect all CPUs; thanks to Mathias Bauer for
reporting and debugging this.
Closes: #662040
control: Build depend on javahelper providing java-arch.sh.
rules: Use /usr/share/javahelper/java-arch.sh to determine the Java arch.
Thus, we make sure armhf and armel are supported as well; thanks to peter
green for reporting this and providing the pointer.
Closes: #656274
Thus, we make sure armhf and armel are supported as well; thanks to peter
green for reporting this and providing the pointer.
Closes: #656274
collectd-core.{postrm,templates}: Prompt the user when purging the data dir.
This provides an option to keep the data. The question (debconf priority high)
defaults to remove the data
Closes: #631167
This provides an option to keep the data. The question (debconf priority high)
defaults to remove the data
Closes: #631167
control: Updated to standards-version 3.9.3 -- no changes.
rules: Don't force building of the ipvs plugin.
The ip_vs.h check has been fixed in configure.
The ip_vs.h check has been fixed in configure.
patches/00list: Removed ipvs_h_include.dpatch.
changelog: Mention the fix for #619123.
This has been removed in the previous commit; re-introduced in the "new
upstream release" section.
This has been removed in the previous commit; re-introduced in the "new
upstream release" section.
patches/: Removed bts619123_mkdir_endless_loop_fix, ipvs_h_include.
Applied upstream.
Applied upstream.
changelog: Updated to 4.10.7-1.
README.Debian: Added section 'Cleanup of old data'.
… explaining how to get rid of out-dated data files (e.g. RRD files).
… explaining how to get rid of out-dated data files (e.g. RRD files).
Updated changelog.
rules: Use dpkg-buildflags to determine compiler/linker flags.
This also enables hardening build flags.
This also enables hardening build flags.
copyright: Updated to 4.10.5.